[Nix-dev] Re: What about introducing security.packages?

Michael Raskin 7c6f434c at mail.ru
Sat Aug 20 18:26:24 CEST 2011


<j2ol9i$hp6$1 at dough.gmane.org>)
Mime-Version: 1.0
Content-type: text/plain; charset="UTF-8"

>>   * No more broken wrappers in /var/setuid-wrappers.
>> E.g., I have no wodim in systemPackages but I have /var/setuid-
>> wrappers/wodim.
>>
>>   * If someone changes a package in nixpkgs so that the location of a binary
>> is changes, he sees that he should change 'suid request' accordingly.
>
>Yes, this would be great.  It could be done by creating a file 
>$out/nix-support/setuid-binaries specifying a list of packages that need 
>to be setuid/setgid <whatever>.

Is there any rational reason for it not being a Nix-expression attribute?
Say, passthru.securityWrappers = ..






More information about the nix-dev mailing list